Yahoo's Mayer points to Russians in data-breach apology

Marissa Mayer

Yahoo's Mayer points to Russians in data-breach apology

Verizon closed its $4.5 billion acquisition of Yahoo in June, when Mayer resigned from the company.

Executives from Yahoo and Equifax testified to Congress on Wednesday, apologizing for massive breaches affecting billions of people around the world.

While testifying, the 42-year-old said she wants to "sincerely apologize to each and every one of our users.' She said that the company defended itself against a barrage of state-sponsored and private hacks over the years".

Some of the most pointed questioning came from Thune when he asked Mayer how the company for so long failed to recognize that data for all 3 billion of its user accounts were compromised.

Mayer said Yahoo has not been able to identify how the 2013 intrusion occurred and that the company did not learn of the incident until the US government presented data to Yahoo in November 2016. A representative for Mayer said on Tuesday she was appearing voluntarily.

Mayer apologized for both breaches and said that its hard for companies to fight against state-sponsored attackers who "tend to be more sophisticated, more persistent and who attack more targets.They're very good at hiding their tracks", she said.

In the end, she said "Russian agents intruded on our systems and stole our users" data'.

It was a packed house on Capitol Hill: both the current and former Equifax CEOs, Paulino do Rego Barros, Jr. and Rick Smith, respectively, testified. A breach in 2014 affected 500 million Yahoo accounts and, in a first, led to the USA government criminally charging two Russian spies for cyber crimes.

The hearing comes after Equifax said failure to install a security update may have led to exposure of information of more than 145 million people in the U.S. and nearly 700,000 people in the UK. A breach at the credit-reporting company earlier this year exposed personal data for 145 million consumers. Bill Nelson, D-Fla., said.

Consultants hired by Equifax to investigate haven't been able to identify the attackers, according to a summary of their report provided to Senate staff before Wednesday's hearing and obtained by Bloomberg.

Mayer noted that after Yahoo discovered the first hacks in late 2016, Yahoo required all of its users to change their passwords if they hadn't, and scrapped old security questions.

Latest News